RSS feed Get our RSS feed

News by Topic

BizReport : Ecommerce archives : March 27, 2017

Report: Bot attempting to steal gift cards

Hackers aren't only going after actual bank accounts any longer. Distil Networks has identified a bot that is going after the gift card balances that consumers have with retailers.

by Kristina Knight

The bot is being called the GiftGhostBot, and according to experts with Distil Networks the bot is rolling through nearly 2 million gift card numbers each hour. Once actual gift card numbers are identified, the bots are then draining those accounts; they believe the fraudsters are then selling the stolen cards on the dark web.

"Like most sophisticated bot attacks, GiftGhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment," said Rami Essaid, CEO of Distil Networks. "While it is important to understand that retailers are not exposing consumers' personal information, consumers should remain vigilant. Check gift card balances, contact retailers and ask for more information. In order to prevent resources from being drained, individuals and companies must work together to prevent further damage."

So far, the attack has been seen in action on more than 1,000 websites.

The fraudsters are using a rotation of user-agent strings to help it go undetected as it asks for the balances attached to the listing of gift cards. Once a balance is identified, the account is then drained of funds. The bog is currently working across hosting providers, mobile ISPs, and data centers.

Tags: Distil Networks, ecommerce, ecommerce fraud, gift card fraud, m:commerce fraud

Subscribe to BizReport



Copyright © 1999- BizReport. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.